CVE-2005-0235
published 2005-05-02CVE-2005-0235: The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in…
PriorityP417medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.82%
76.1th percentile
The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera_browser | <= 7.54 | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat2.1LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fvfw-wwvf-2x7q: The International Domain Name (IDN) support in Opera 7
ghsa_unreviewed·2022-05-01
CVE-2005-0235 [MEDIUM] GHSA-fvfw-wwvf-2x7q: The International Domain Name (IDN) support in Opera 7
The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Red Hat
security flaw
vendor_redhat·2005-04-06·CVSS 2.1
CVE-2005-1038 [LOW] security flaw
security flaw
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
No detection rules found.
Bugzilla
CVE-2005-1038 security flaw
bugzilla·2018-08-16·CVSS 2.1
CVE-2005-1038 [LOW] CVE-2005-1038 security flaw
CVE-2005-1038 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CAN-2005-1038 vixie-cron information leak
bugzilla·2005-07-21·CVSS 2.1
CVE-2001-0235 [LOW] CAN-2005-1038 vixie-cron information leak
CAN-2005-1038 vixie-cron information leak
+++ This bug was initially created as a clone of Bug #162022 +++
+++ This bug was initially created as a clone of Bug #154920 +++
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solut
Bugzilla
CVE-2005-1038 vixie-cron information leak
bugzilla·2005-06-29·CVSS 2.1
CVE-2005-1038 [LOW] CVE-2005-1038 vixie-cron information leak
CVE-2005-1038 vixie-cron information leak
+++ This bug was initially created as a clone of Bug #154920 +++
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
Our current fix for this issue is not complete. A race condition still exists
between the time we lstat the file in question, and when we open the file.
---
This is now fixed with vixie-cron-4.1-8.EL3, available from:
http://people.redhat.com/~jvdias/cron/RHEL-3/4.1-8.EL3
The race condition has been circumvented: the fopen() is done as
the non-root user, which also f
Bugzilla
CAN-2005-1038 vixie-cron information leak
bugzilla·2005-04-20·CVSS 2.1
CVE-2001-0235 [LOW] CAN-2005-1038 vixie-cron information leak
CAN-2005-1038 vixie-cron information leak
+++ This bug was initially created as a clone of Bug #154922 +++
+++ This bug was initially created as a clone of Bug #154920 +++
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
Oups...only applies to 4.1 which is not included <= FC2
Bugzilla
CAN-2005-1038 vixie-cron information leak
bugzilla·2005-04-14·CVSS 2.1
CVE-2001-0235 [LOW] CAN-2005-1038 vixie-cron information leak
CAN-2005-1038 vixie-cron information leak
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
This issue should also affect RHEL2.1 and RHEL3
---
Actually, in RHEL-3, vixie-cron-3.0.1-76 would not have this problem,
becuase it used fstat(fd,&st) on the same original file descriptor
for the file that was unlinked by the attack; since the modification
time had not changed, it would print
'crontab: no changes made to crontab'
and would not install the link as the new crontab.
Because this version crontab did not re-open the f
Bugzilla
CAN-2005-1038 vixie-cron information leak
bugzilla·2005-04-14·CVSS 2.1
CVE-2001-0235 [LOW] CAN-2005-1038 vixie-cron information leak
CAN-2005-1038 vixie-cron information leak
+++ This bug was initially created as a clone of Bug #154920 +++
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
This is fixed with vixie-cron-4.1-33_FC3, FC-3 update #320 .
---
No errata covers the FC-3 update #320 - this problem is fixed with
vixie-cron-4.1-33_FC3
and in
FC4's vixie-cron-4.1-33
CWE
Insufficient Visual Distinction of Homoglyphs Presented to User
mitre_cwe
CWE-1007 Insufficient Visual Distinction of Homoglyphs Presented to User
CWE-1007: Insufficient Visual Distinction of Homoglyphs Presented to User
The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.
Some glyphs, pictures, or icons can be semantically distinct to a program, while appearing very similar or identical to a human user. These are referred to as homoglyphs. For example, the lowercase "l" (ell) and uppercase "I" (eye) have different character codes, but these characters can be displayed in exactly the same way to a user, depending on the font. This can also occur between different character sets. For example, the Latin
CAPEC
Homograph Attack via Homoglyphs
mitre_capec
[MEDIUM] Homograph Attack via Homoglyphs
CAPEC-632: Homograph Attack via Homoglyphs
An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.
Alternate Terms: Homoglyph Attack
Execution Flow:
Step 1 [Explore]: [Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
Technique: Research popular or high traffic websites.
Step 2 [Experiment]: [Impersonate trusted domain]
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlhttp://marc.info/?l=bugtraq&m=110782704923280&w=2http://www.novell.com/linux/security/advisories/2005_31_opera.htmlhttp://www.securityfocus.com/bid/12461http://www.shmoo.com/idnhttp://www.shmoo.com/idn/homograph.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/19236http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlhttp://marc.info/?l=bugtraq&m=110782704923280&w=2http://www.novell.com/linux/security/advisories/2005_31_opera.htmlhttp://www.securityfocus.com/bid/12461http://www.shmoo.com/idnhttp://www.shmoo.com/idn/homograph.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/19236
2005-05-02
Published